Turkish hacker behind $55m cyber-spree pleads guilty in US
A Turkish hacker who masterminded a series of cyber attacks that enabled $55 million to be siphoned from automated teller machines around the world pleaded guilty on Tuesday.
Ercan Findikoglu pleaded guilty in a New York federal court to five counts, including computer intrusion conspiracy for leading a scheme that resulted in stolen debit card data being distributed and used to make fraudulent ATM withdrawals worldwide.
According to US prosecutors, the scheme is one of the most successful and coordinated bank heists in history, enabling in one particular attack in 2013 the withdrawal of $40 million from ATMs in 24 countries in a matter of about 10 hours.
The 34-year-old hacker, who authorities say was a leader in the scheme and was known online as "Segate" and "Predator," was extradited in June 2015 from Germany, where he was arrested in December 2013.
From 2010 to 2013, prosecutors said, hackers including Findikoglu gained access to the networks of prepaid debit card payment processors Fidelity National Information Services Inc, ElectraCard Services, now owned by MasterCard Inc, and enStage.
Once in, the hackers caused the prepaid cards' account balances to be dramatically increased to allow large excess withdrawals, prosecutors said.
A group managed by Findikoglu then disseminated the stolen debit card information to "cashing crews" around the world who in turn conducted tens of thousands of fraudulent ATM withdrawals.
According to US prosecutors, the scheme is one of the most successful and coordinated bank heists in history |
In exchange, Findikoglu and other high-ranking members of the scheme received proceeds in various forms, including by wire transfer, electronic currency or personal deliveries of cash, prosecutors said.
The biggest heist, in which the $40 million was withdrawn, targeted cards issued by Bank Muscat in Oman and involved thieves in February 2013 executing 36,000 transactions, they added.
A separate February 2011 operation targeting cards issued by JPMorgan Chase & Co and used by the American Red Cross to provide relief to disaster victims saw $10 million withdrawn globally.
In another in December 2012, cards issued by National Bank of Ras al-Khaimah in the United Arab Emirates were compromised, resulting in $5 million in losses, court documents said.
A New York cashing crew alone withdrew $2.8 million in the 2012 and 2013 operations, authorities said. Thirteen of the crew's members have pleaded guilty.